CVE-2014-3917

Published: Jun 5, 2014Modified: May 6, 2026

3.3

Vector

AV:L/AC:M/Au:N/C:P/I:N/A:P

Exploitability: 3.4 / Impact: 4.9

Source: NVD

Description

kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.

Affected (18)

Products: Suse: Linux Enterprise Desktop · Redhat: Enterprise Linux, Enterprise Mrg · Linux: Linux Kernel

1 product

Linux Enterprise Desktop

2 products

Enterprise Linux

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Suse Linux Enterprise Desktop	Version 10.0 sp4

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 5
Redhat Enterprise Linux	Version 6.0
Redhat Enterprise Mrg	Version 2.0

Configuration C

14 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 3.14.5
Linux Linux Kernel	Version 3.14.1
Linux Linux Kernel	Version 3.14.2
Linux Linux Kernel	Version 3.14.3
Linux Linux Kernel	Version 3.14.4
Linux Linux Kernel	Version 3.14
Linux Linux Kernel	Version 3.14 rc1
Linux Linux Kernel	Version 3.14 rc2
Linux Linux Kernel	Version 3.14 rc3
Linux Linux Kernel	Version 3.14 rc4
Linux Linux Kernel	Version 3.14 rc5
Linux Linux Kernel	Version 3.14 rc6
Linux Linux Kernel	Version 3.14 rc7
Linux Linux Kernel	Version 3.14 rc8

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (22)

http://article.gmane.org/gmane.linux.kernel/1713179

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2014-1143.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2014-1281.html

Source: cve@mitre.org

http://secunia.com/advisories/59777

Source: cve@mitre.org

http://secunia.com/advisories/60011

Source: cve@mitre.org

http://secunia.com/advisories/60564

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2014/05/29/5

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-2334-1

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-2335-1

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=1102571

Source: cve@mitre.org

http://article.gmane.org/gmane.linux.kernel/1713179

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2014-1143.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2014-1281.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/59777

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/60011

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/60564

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2014/05/29/5

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2334-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2335-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=1102571

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.